Privacy policy

SOII SAS (SIRET 102947165), publisher of the soii.io platform and the app.soii.io application, is committed to protecting the privacy of its users.

This privacy policy describes the personal data we collect, the purposes for which we process it, and the rights you have under the General Data Protection Regulation (GDPR -- EU 2016/679) and the French Data Protection Act.

SOII SAS -- SIRET 102947165

Registered office: Grenoble, France

DPO contact: contact@soii.io

Identification data: email address, display name, user ID.

Usage data: stories created, personalization preferences (theme, age, style), usage statistics.

Technical data: IP address, user-agent, session identifier, connection timestamps.

Generated content: story texts, visual prompts, AI-generated illustrations.

We do not collect any sensitive data within the meaning of Article 9 GDPR (ethnic origin, political opinions, health data, etc.).

Provide and personalize the story-creation service.

Manage your user account and subscription.

Improve service quality and user experience.

Secure the platform and prevent abuse.

Comply with our legal and regulatory obligations.

Performance of contract: processing is necessary to provide the service you subscribed to.

Legitimate interest: service improvement, security, fraud prevention.

Legal obligation: retention of certain data required by law.

Consent: for marketing communications (where applicable).

Your data is stored on Google Cloud Platform (europe-west1 region, Belgium) via Firebase services (Authentication, Firestore) and Google Cloud Storage.

Communications are encrypted with TLS/HTTPS. Data at rest is encrypted by Google Cloud.

Access to data is restricted to authorized members of the SOII team only, following the principle of least privilege.

Account data: kept for the duration of your subscription, then deleted within 30 days after account closure.

Stories and generated content: kept as long as your account is active. Deleted within 30 days after account deletion.

Technical data (logs): kept for a maximum of 12 months for security purposes.

We never sell your personal data.

Technical processors: Google Cloud Platform (hosting, storage), AI providers for content generation (text and image). These processors are bound by contractual clauses compliant with the GDPR.

We only share your data with third parties when required by law (judicial or tax authorities).

Some processors (Google LLC, AI providers) may process data outside the European Economic Area. These transfers are governed by the European Commission’s Standard Contractual Clauses or by adequacy decisions.

Under the GDPR, you have the following rights:

Right of access: obtain a copy of your personal data.

Right of rectification: correct inaccurate or incomplete data.

Right to erasure: request deletion of your data.

Right to data portability: receive your data in a structured, readable format.

Right to object: object to processing based on legitimate interest.

Right to restriction: temporarily restrict processing.

To exercise these rights, contact us at: contact@soii.io. We will respond within 30 days.

If you believe your rights are not being respected, you may lodge a complaint with the CNIL (www.cnil.fr).

This site only uses technical cookies strictly necessary for the service to function (authentication, session). No advertising or third-party tracking cookies are used.

SOII is a service intended for parents and legal guardians. Children do not use the platform directly. We do not knowingly collect personal data from children under 16.

We reserve the right to modify this policy. In case of material changes, we will notify you by email or via a notification on the platform.